CN101447996B - Defending method for distributed service-refusing attack and system and device thereof - Google Patents


Info

Publication number
CN101447996B
Authority
CN
China
Prior art keywords
port
server
cos
protection
service
Prior art date
Legal status
Active
Application number
CN200810189812A
Other languages
Chinese (zh)
Other versions
CN101447996A (en)
Inventor
蒋武
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Symantec Technologies Co Ltd
Priority date
Filing date
Publication date
Application filed by Huawei Symantec Technologies Co Ltd
Priority to CN200810189812A
Publication of CN101447996A
Application granted
Publication of CN101447996B
Legal status: Active

Abstract

The invention discloses a defending method for a distributed service-refusing attack and a system and a device thereof. The method comprises the following steps: scanning the port of a protected server regularly, and confirming the service type of the port; generating a service strategy corresponding to the protected server according to the service type of the port; filtering a data flow accessing the protected server by employing the service strategy. The invention can be employed to ensure the security of the data of an application layer, and improve the defending capability of a network against the distributed service-refusing attack.

Description

Distributed denial of service attack defence method, system and device
Technical field
The present invention relates to network technology, and in particular to a distributed denial of service attack defence method, system and device.
Background technology
Denial of service (DoS) refers to an attack in which a flood of packets beyond the processing capacity of the target consumes the target's available bandwidth and system resources and paralyses its network service. DoS attacks take many forms; the most basic one uses seemingly legitimate service requests to occupy an excessive share of the service's resources, so that legitimate users cannot obtain a response from the service. A single DoS attack is generally one-to-one, and its effect is obvious only when the target has a slow CPU, little memory, limited network bandwidth or similarly low performance figures. With the development of computer and network technology, processing power and memory have grown rapidly and gigabit-class networks have appeared, which has made DoS attacks harder to carry out. Distributed denial of service (DDoS) attacks arose in response.
DDoS is a type of attack that developed on the basis of traditional DoS. As shown in Fig. 1, in a DDoS attack the attacker uses master hosts as springboards (possibly in several stages and layers) to control an attack network made up of a large number of infected and controlled hosts (zombie hosts), and uses that network to launch a large-scale denial of service attack against the victim host. Such an attack amplifies a single attacker's capability geometrically, so it can seriously affect the user's host and also cause heavy congestion on the network.
At present DDoS attacks mainly take three forms: TCP SYN flood (transmission control protocol synchronization flood) attacks, UDP flood (user datagram protocol flood) attacks and script-submission attacks.
To defend against this increasingly serious network threat, which operators find hard to avoid, some security vendors have released their own DoS/DDoS defence solutions. In one such scheme a DoS/DDoS traffic cleaning center is built in the operator's metropolitan area network or IDC (Internet Data Center): two DoS/DDoS defence devices are deployed in bypass mode on two metropolitan area network core routers and together form the metropolitan area network security protection / DDoS cleaning center. The protection center listens to the downlink data of the network; when it detects an attack it notifies the cleaning center, and the cleaning center instructs the core router to redirect the data stream destined for the protected network segment to the cleaning center, so that DDoS attack traffic is filtered out and normal access traffic is passed through.
In the course of realizing the present invention, the inventor found that this solution has at least the following problem:
The conventional protection algorithms currently in use are mostly Layer 3 and Layer 4 protection techniques and are not directed at the application layer, so the cleaning center cannot filter application data.
Summary of the invention
The embodiments of the invention provide a distributed denial of service attack defence method, system and device, to ensure the security of application layer data and improve the network's capacity to defend against DDoS attacks.
A distributed denial of service attack defence method provided by an embodiment of the invention comprises:
periodically scanning one or more ports of a protected server and determining the service type of said ports;
generating, according to the service type of said ports, a service policy corresponding to said protected server;
filtering the data stream accessing said protected server using said service policy;
wherein periodically scanning one or more ports of the protected server and determining the service type of said ports comprises:
selecting one or more ports of the protected server and checking whether said ports are in the open state;
sending a predetermined packet to each port in the open state; and
determining the service type of said port according to the packet said port returns.
A distributed denial of service attack defence system provided by an embodiment of the invention comprises:
a scanning device, for periodically scanning one or more ports of the protected server, determining the service type of said ports, and generating a service policy corresponding to said protected server according to the service type of said ports; and
a cleaning device, for filtering the data stream accessing said protected server using said service policy;
wherein said scanning device comprises:
a port selection unit, for selecting one or more ports of the protected server;
a state checking unit, for checking whether said ports are in the open state;
a service type determination unit, for sending a predetermined packet to each port found by said state checking unit to be in the open state, and determining the service type of said port according to the packet said port returns; and
a policy generation unit, for generating a service policy corresponding to said protected server according to the service type of said ports.
A scanning device provided by an embodiment of the invention comprises:
a port selection unit, for selecting one or more ports of the protected server;
a state checking unit, for checking whether said ports are in the open state;
a service type determination unit, for sending a predetermined packet to each port found by said state checking unit to be in the open state, and determining the service type of said port according to the packet said port returns; and
a policy generation unit, for generating a service policy corresponding to said protected server according to the service type of said ports.
With the distributed denial of service attack defence method and system provided by the embodiments of the invention, the ports of the protected server are scanned periodically, the service type of said ports is determined, a service policy corresponding to said protected server is generated according to the service type of said ports, and the data stream accessing said protected server is filtered using said service policy. This prevents application-service flood attacks on stateless services such as UDP, ensures the security of application layer data, and improves the network's capacity to defend against DDoS attacks.
Description of drawings
Fig. 1 is a schematic diagram of the principle of a DDoS attack in the prior art;
Fig. 2 is a flow chart of the distributed denial of service attack defence method of an embodiment of the invention;
Fig. 3 is a flow chart of scanning the protected server in the method of an embodiment of the invention;
Fig. 4 is a structural diagram of one distributed denial of service attack defence system of an embodiment of the invention;
Fig. 5 is a structural diagram of another distributed denial of service attack defence system of an embodiment of the invention;
Fig. 6 is a networking diagram of one application of the distributed denial of service attack defence system of an embodiment of the invention;
Fig. 7 is a networking diagram of another application of the distributed denial of service attack defence system of an embodiment of the invention;
Fig. 8 is a structural diagram of the scanning device of an embodiment of the invention;
Fig. 9 is a structural diagram of the cleaning device of an embodiment of the invention.
Embodiment
To help those skilled in the art understand the scheme of the embodiments of the invention better, the embodiments are described in further detail below with reference to the accompanying drawings and implementations.
Fig. 2 shows the flow chart of the distributed denial of service attack defence method of an embodiment of the invention, which mainly comprises the following steps:
Step 201: periodically scan the ports of the protected server and determine the service type of said ports.
When scanning the ports of the protected server and determining the service type of said ports, one or more ports of the protected server may be selected and checked for whether they are in the open state; a predetermined packet is then sent to each port in the open state, and the service type of said port is determined according to the packet said port returns.
When checking whether said port is in the open state, a request message is sent to said port; if a reply message from said port is received, said port can be determined to be in the open state.
In a network system there may be several servers needing protection, and they may be distributed across different network segments. In that case one or more ports of each of these servers are scanned in turn and the service type of each port is determined.
The servers to be scanned and their ports can of course be pre-configured and stored in a list file; when a scan is due, the address of each server is read from the list file in turn and scanned.
Step 202: generate a service policy corresponding to said protected server according to the service type of said ports.
Said service policy may comprise any one or more of the following: illegal port filtering, protocol content checking and protocol data rate limiting. The embodiments of the invention are of course not limited to these; finer-grained service policies can also be generated.
Step 203: filter the data stream accessing said protected server using said service policy.
For example, illegal port filtering is performed first: data streams accessing ports that are not open are discarded directly. Data streams accessing open ports are subjected to protocol content checking, that is, the packet format is verified against the protocol format of the application protocol, and non-conforming packets are discarded directly. Protocol data rate limiting may further be performed: for example, a rate-limit threshold for each service is generated dynamically from the importance of the service and the service priority set by the user, so that the user's important traffic can pass preferentially.
It can be seen that the embodiments of the invention scan the protected server and generate a service policy corresponding to said protected server according to the service type of said ports, so that invalid data streams passing through a port can be filtered according to the port's type. Even stateless data such as UDP accessing the protected server can be filtered according to the corresponding service policy, thus ensuring the security of the protected server.
As mentioned above, a network system may contain several servers needing protection, distributed across different network segments. For this case, the servers to be scanned and their ports can be stored in a list file; when a scan is due, the address of each server is read from the list file in turn and scanned.
Fig. 3 shows the flow chart of scanning the protected server in the method of an embodiment of the invention, which mainly comprises the following steps:
Step 301: read the server list file;
Step 302: read a server address from the file;
Step 303: check whether one or more ports of said server are in the open state; if so, go to step 304; otherwise go to step 306;
Step 304: send a predetermined packet to the port in the open state;
Step 305: determine the service type of said port according to the packet said port returns;
Step 306: check whether the server list file contains further servers to be scanned; if so, go to step 302; otherwise go to step 307;
Step 307: generate the service policy corresponding to each server according to the scan results.
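The scan loop of Fig. 3 and the three-stage filtering of step 203, carried through as an added example in Python; this is not the patent's code. The server list, the probe replies and the per-service rate thresholds are all constructed here, and the service types recognised (HTTP and DNS by the shape of the reply) are an assumption about what the "predetermined packet" elicits.

```python
"""Scan-and-policy flow of Steps 201-203 / Fig. 3, simulated offline."""
from collections import defaultdict

# Constructed server list (what the patent's list file would hold):
# protected server address -> ports to scan.
SERVER_LIST = {
    "10.0.0.1": [53, 80, 8080],
    "10.0.0.2": [80, 443],
}

# Constructed replies from the protected servers; None means the port is closed.
SIMULATED_REPLIES = {
    ("10.0.0.1", 53): b"\x12\x34\x81\x80\x00\x01\x00\x01",  # DNS reply: QR bit set
    ("10.0.0.1", 80): b"HTTP/1.1 200 OK\r\n\r\n",
    ("10.0.0.1", 8080): None,
    ("10.0.0.2", 80): b"HTTP/1.1 301 Moved\r\n\r\n",
    ("10.0.0.2", 443): b"\x16\x03\x01",  # TLS record header; not classified here
}

def probe(addr, port):
    """Stand-in for 'send a predetermined packet and read the reply' (Steps 303-304)."""
    return SIMULATED_REPLIES.get((addr, port))

def classify_service(port, reply):
    """Step 305: service type from the returned packet, not from the port number."""
    if reply is None:
        return None
    if reply.startswith(b"HTTP/1."):
        return "http"
    if len(reply) >= 4 and reply[2] & 0x80:  # DNS header byte 2, bit 7 = QR (response)
        return "dns"
    return "unknown"

def scan_servers(server_list, probe_fn):
    """Fig. 3 loop (Steps 301-306): {(addr, port): service_type} for open ports only."""
    result = {}
    for addr, ports in server_list.items():
        for port in ports:
            reply = probe_fn(addr, port)
            if reply is None:  # Step 303: no answer -> not open, so not in the policy
                continue
            result[(addr, port)] = classify_service(port, reply)
    return result

# Assumed per-service thresholds (packets per second per port); the patent derives
# them dynamically from service importance and user priority, the values are ours.
RATE_LIMITS = {"http": 100, "dns": 50, "unknown": 10}

def build_policy(scan_result):
    """Step 307: one service policy per protected server from the scan result."""
    policy = defaultdict(dict)
    for (addr, port), svc in scan_result.items():
        policy[addr][port] = {"service": svc, "rate_limit": RATE_LIMITS[svc]}
    return dict(policy)

def conforms(service, payload):
    """Protocol content check: does the packet match the service's protocol format?"""
    if service == "http":
        method, _, rest = payload.split(b"\r\n", 1)[0].partition(b" ")
        target, _, version = rest.partition(b" ")
        return (method in (b"GET", b"POST", b"HEAD") and target != b""
                and version.startswith(b"HTTP/1."))
    if service == "dns":
        return len(payload) >= 12 and not (payload[2] & 0x80)  # query: QR bit clear
    return True  # no format known for this service: only port and rate checks apply

def filter_stream(policy, packets):
    """Step 203 over a packet list; each packet is (second, dst_addr, dst_port, payload).
    Returns a count of verdicts by reason."""
    counts = defaultdict(int)
    accepted = defaultdict(int)  # (addr, port, second) -> packets passed so far
    for second, addr, port, payload in packets:
        rule = policy.get(addr, {}).get(port)
        if rule is None:  # illegal port filtering: port not open at last scan
            counts["drop:closed_port"] += 1
            continue
        if not conforms(rule["service"], payload):  # protocol content checking
            counts["drop:bad_format"] += 1
            continue
        key = (addr, port, second)
        if accepted[key] >= rule["rate_limit"]:  # protocol data rate limiting
            counts["drop:rate_limit"] += 1
            continue
        accepted[key] += 1
        counts["pass"] += 1
    return dict(counts)

def demo():
    """Scan the constructed list, build the policy, filter a constructed stream."""
    policy = build_policy(scan_servers(SERVER_LIST, probe))
    dns_query = b"\x00\x01\x01\x00" + b"\x00" * 8  # 12-byte header, QR clear
    packets = [
        (0, "10.0.0.1", 80, b"GET / HTTP/1.1\r\nHost: a\r\n\r\n"),
        (0, "10.0.0.1", 8080, b"GET / HTTP/1.1\r\n\r\n"),  # closed port
        (0, "10.0.0.1", 80, b"\x00\x01\x02garbage"),        # wrong format on the HTTP port
        (0, "10.0.0.1", 53, dns_query),
    ] + [(1, "10.0.0.1", 53, dns_query)] * 60  # 60 queries in one second, limit is 50
    return policy, filter_stream(policy, packets)

if __name__ == "__main__":
    print(demo())
```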
It should be noted that the generated service policy mainly solves the problem of application-service floods against stateless services such as UDP, and ensures the security of application layer data.
The method of the embodiments of the invention can filter the data stream accessing said protected server in real time; and because the corresponding service policy is generated from the result of scanning the protected server, application-service flood attacks on stateless services such as UDP, as well as illegal application data, can be filtered according to this service policy. It can also be combined with existing Layer 3 and Layer 4 protection algorithms, so that Layer 3, Layer 4 and the application layer are protected simultaneously.
For example, the data stream accessing said protected server is monitored in real time, and if attack data is found in said data stream, said data stream is cleaned according to a preset protection algorithm.
In a concrete implementation a cleaning center may be set up. When attack data is found in said data stream, the cleaning center is notified; the cleaning center instructs the core router to redirect the data stream accessing said protected server to the cleaning center, and the cleaning center cleans said data stream according to the preset protection algorithm. Said preset protection algorithm may be a conventional Layer 3 / Layer 4 protection algorithm. At the same time, the generated service policy is also sent to the cleaning center. In this way, after the cleaning center has cleaned said data stream according to the preset protection algorithm, it then filters the cleaned data stream according to said service policy, which both ensures the security of the protected server and improves the processing efficiency of the cleaning center.
Those of ordinary skill in the art will appreciate that all or part of the steps of the method in the above embodiments can be accomplished by a program instructing the relevant hardware; the program may be stored in a computer-readable storage medium such as ROM/RAM, a magnetic disk or an optical disc.
Fig. 4 shows the structure of a distributed denial of service attack defence system of an embodiment of the invention.
The system comprises a scanning device 401 and a cleaning device 402. The scanning device 401 periodically scans the ports of the protected server, determines the service type of said ports, and generates a service policy corresponding to said protected server according to the service type of said ports; the cleaning device 402 filters the data stream accessing said protected server using said service policy.
For the case where several servers in the network need protection, said system may further comprise a storage device 403 for storing a protected server list. The protected server list contains the IP address of each server and may further contain the ports each server needs scanned. The ports to scan for each server may also be set to a default, for example scanning all ports of the server or only the HTTP port (default 80).
Preferably, said scanning device 401 comprises a port selection unit 411, a state checking unit 412, a service type determination unit 413 and a policy generation unit 414, wherein:
the port selection unit 411 selects one or more ports of a protected server from said protected server list; the state checking unit 412 checks whether said ports are in the open state; the service type determination unit 413 sends a predetermined packet to each port found by said state checking unit to be in the open state and determines the service type of said port according to the packet said port returns; the policy generation unit 414 generates a service policy corresponding to said protected server according to the service type of said ports, and said service policy may comprise any one or more of the following: illegal port filtering, protocol content checking and protocol data rate limiting. The service policy of the embodiments of the invention is of course not limited to these; finer-grained service policies can also be generated according to practical needs.
Using the distributed denial of service attack defence system of the embodiments of the invention, protection against DDoS attacks can be realized, the problem of application-service floods against stateless services such as UDP is solved, and the security of application layer data is ensured. The detailed process is as described for the method embodiments above and is not repeated here.
Fig. 5 shows the structure of another distributed denial of service attack defence system of an embodiment of the invention.
The difference from the embodiment of Fig. 4 is that in this embodiment said system further comprises a detection device 404, which monitors the data stream accessing said protected server in real time and notifies the cleaning device 402 when attack data is found in said data stream. The cleaning device 402 can then also clean said data stream according to a preset protection algorithm, and said preset protection algorithm may be a conventional Layer 3 / Layer 4 protection algorithm.
Using this distributed denial of service attack defence system of an embodiment of the invention, Layer 3, Layer 4 and the application layer can be protected simultaneously. This not only ensures the security of the protected server but also improves the processing efficiency of the cleaning center.
In practical application, the distributed denial of service attack defence system of the embodiments of the invention can be connected to the equipment in the network in several ways.
Fig. 6 is a networking diagram of one application of the distributed denial of service attack defence system of an embodiment of the invention.
In this networking mode, the distributed denial of service attack defence system 60 of the embodiment is connected in series in the network between router 67 and router 65. Its cleaning device 602 cleans the data streams accessing the protected servers 61, 62, 63 and 64 in real time, to prevent Layer 3 and Layer 4 DDoS attacks. At the same time, the scanning device 601 in said system 60 periodically scans said protected servers through router 65 and generates the corresponding service policy, and the cleaning device 602 filters the cleaned data stream according to this service policy: for example, illegal port filtering first (data streams accessing ports that are not open are discarded directly), then protocol content checking of data streams accessing open ports (the packet format is verified against the protocol format of the application protocol and non-conforming packets are discarded directly), and further protocol data rate limiting (for example, a rate-limit threshold for each service is generated dynamically from the importance of the service and the service priority set by the user, so that the user's important traffic can pass preferentially).
Fig. 7 is a networking diagram of another application of the distributed denial of service attack defence system of an embodiment of the invention.
In this networking mode, the distributed denial of service attack defence system 70 of the embodiment listens to the network's uplink and downlink data streams in real time in bypass mode. Various detection algorithms can be set in the detection device 703 to analyse and judge the network data listened to; once attack data is judged to be present, the cleaning device 702 is notified. The cleaning device 702 can communicate with the core router in the network: on receiving the notification it sends a route-update message to the upstream router, so that downlink data then passes through the cleaning device 702, which cleans the downlink data stream with the preset protection algorithm according to the detection result of the detection device 703. At the same time, the scanning device 701 periodically scans the protected servers 71, 72 and 73 through the core router in the network, generates the service policy corresponding to each protected server according to the scan result, and sends said service policy to the cleaning device 702. The cleaning device 702 then further filters the cleaned data stream according to this service policy, in the same way as described for step 203 above: illegal port filtering first, then protocol content checking, then protocol data rate limiting. In this way the security of the protected server is ensured and the processing efficiency of the cleaning center is improved.
It can be seen from the above embodiments that, whichever networking mode is used, the distributed denial of service attack defence system of the embodiments of the invention protects Layer 3, Layer 4 and the application layer simultaneously.
An embodiment of the invention also provides a scanning device, whose structure is shown in Fig. 8.
In this embodiment, said scanning device comprises a port selection unit 801, a state checking unit 802, a service type determination unit 803 and a policy generation unit 804. The port selection unit 801 selects one or more ports of the protected server; the state checking unit 802 checks whether said ports are in the open state; the service type determination unit 803 sends a predetermined packet to each port found by said state checking unit to be in the open state and determines the service type of said port according to the packet said port returns; the policy generation unit 804 generates a service policy corresponding to said protected server according to the service type of said ports, and said service policy comprises any one or more of the following: illegal port filtering, protocol content checking and protocol data rate limiting.
Using the scanning device of the embodiments of the invention, the ports of the protected server can be scanned, the service type of said ports determined, and a service policy corresponding to said protected server generated according to the service type of said ports. The concrete scanning process is as described in the method embodiments above.
An embodiment of the invention also provides a cleaning device, whose structure is shown in Fig. 9.
In this embodiment, said cleaning device 900 comprises a filtering unit 901 and a cleaning unit 902. The filtering unit 901 filters the data stream accessing the protected server using a service policy generated in advance according to the service type of the service ports; the cleaning unit 902 cleans attack data in the data stream accessing the protected server according to a preset protection algorithm.
The service policy may be generated in several ways, and likewise there may be several preset protection algorithms. Using the cleaning device of the embodiments of the invention, Layer 3, Layer 4 and the application layer can be protected simultaneously and the security of the protected server ensured.
The embodiments of the invention have been described in detail above. Specific examples have been used in this text to set forth the invention, and the description of the above embodiments is only intended to help in understanding the method and apparatus of the invention. At the same time, those of ordinary skill in the art may, following the idea of the invention, make changes to the embodiments and their scope of application. In summary, the contents of this description should not be construed as limiting the invention.

Claims (10)

1. A distributed denial of service attack defence method, characterized in that it comprises:
periodically scanning one or more ports of a protected server and determining the service type of said ports;
generating, according to the service type of said ports, a service policy corresponding to said protected server;
filtering the data stream accessing said protected server using said service policy;
wherein periodically scanning one or more ports of the protected server and determining the service type of said ports comprises:
selecting one or more ports of the protected server and checking whether said ports are in the open state;
sending a predetermined packet to each port in the open state; and
determining the service type of said port according to the packet said port returns.
2. The method according to claim 1, characterized in that checking whether said port is in the open state comprises:
sending a request message to said port; and
if a reply message from said port is received, determining that said port is in the open state.
3. The method according to claim 1, characterized in that said service policy comprises any one or more of the following: illegal port filtering, protocol content checking and protocol data rate limiting.
4. The method according to any one of claims 1 to 3, characterized in that said method further comprises:
monitoring the data stream accessing said protected server in real time; and
if attack data is found in said data stream, cleaning said data stream according to a preset protection algorithm.
5. A distributed denial of service attack defence system, characterized in that it comprises:
a scanning device, for periodically scanning one or more ports of a protected server, determining the service type of said ports, and generating a service policy corresponding to said protected server according to the service type of said ports; and
a cleaning device, for filtering the data stream accessing said protected server using said service policy;
wherein said scanning device comprises:
a port selection unit, for selecting one or more ports of the protected server;
a state checking unit, for checking whether said ports are in the open state;
a service type determination unit, for sending a predetermined packet to each port found by said state checking unit to be in the open state, and determining the service type of said port according to the packet said port returns; and
a policy generation unit, for generating a service policy corresponding to said protected server according to the service type of said ports.
6. The system according to claim 5, characterized in that said system further comprises:
a storage device, for storing a protected server list;
and said port selection unit selects one or more ports of the protected server according to said protected server list.
7. The system according to claim 5, characterized in that said service policy comprises any one or more of the following: illegal port filtering, protocol content checking and protocol data rate limiting.
8. The system according to any one of claims 5 to 7, characterized in that said system further comprises:
a detection device, for monitoring the data stream accessing said protected server in real time and notifying said cleaning device when attack data is found in said data stream;
and said cleaning device is further used for cleaning said data stream according to a preset protection algorithm.
9. A scanning device, characterized in that it comprises:
a port selection unit, for selecting one or more ports of a protected server;
a state checking unit, for checking whether said ports are in the open state;
a service type determination unit, for sending a predetermined packet to each port found by said state checking unit to be in the open state, and determining the service type of said port according to the packet said port returns; and
a policy generation unit, for generating a service policy corresponding to said protected server according to the service type of said ports.
10. The scanning device according to claim 9, characterized in that said service policy comprises any one or more of the following: illegal port filtering, protocol content checking and protocol data rate limiting.
CN200810189812A 2008-12-31 2008-12-31 Defending method for distributed service-refusing attack and system and device thereof Active CN101447996B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200810189812A CN101447996B (en) 2008-12-31 2008-12-31 Defending method for distributed service-refusing attack and system and device thereof

Publications (2)

Publication Number Publication Date
CN101447996A CN101447996A (en) 2009-06-03
CN101447996B true CN101447996B (en) 2012-08-29

Family

ID=40743393

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200810189812A Active CN101447996B (en) 2008-12-31 2008-12-31 Defending method for distributed service-refusing attack and system and device thereof

Country Status (1)

Country Link
CN (1) CN101447996B (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102118255B (en) * 2009-12-30 2013-11-06 华为技术有限公司 Adaptive method, device and system of network element (NE)
CN102137075A (en) * 2010-01-27 2011-07-27 中华电信股份有限公司 System and method for preventing DDoS (Distributed Denial of Service) attack
CN103368858B (en) * 2012-04-01 2016-01-20 百度在线网络技术(北京)有限公司 The flow cleaning method that many strategy combinations load and device
CN102843367A (en) * 2012-08-13 2012-12-26 北京神州绿盟信息安全科技股份有限公司 Denial-of-service protective strategy configuration method and device and relevant equipment
CN103812693B (en) * 2014-01-23 2017-12-12 汉柏科技有限公司 A kind of cloud computing protection processing method and system based on different type service
CN106330962B (en) * 2016-09-30 2019-04-12 中国联合网络通信集团有限公司 A kind of flow cleaning management method and device
CN108574681B (en) * 2017-03-13 2020-08-21 贵州白山云科技股份有限公司 Intelligent server scanning method and device
CN107018084B (en) * 2017-04-12 2020-10-27 南京工程学院 DDOS attack defense network security method based on SDN framework
CN107070928B (en) * 2017-04-19 2020-08-21 北京网康科技有限公司 Application layer firewall and processing method thereof
CN110213214B (en) * 2018-06-06 2021-08-31 腾讯科技(深圳)有限公司 Attack protection method, system, device and storage medium
CN110875908B (en) * 2018-08-31 2022-12-13 阿里巴巴集团控股有限公司 Method and equipment for defending distributed denial of service attack
CN112367331B (en) * 2020-11-18 2023-07-04 简和网络科技(南京)有限公司 Real-time processing system and method for denial of service attack based on running state of computer system
CN113923027A (en) * 2021-10-11 2022-01-11 中国建设银行股份有限公司 Traffic suppression method for reflective DDoS attack and related device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1719783A (en) * 2004-07-09 2006-01-11 国际商业机器公司 Method and system for dentifying a distributed denial of service (DDOS) attack within a network and defending against such an attack
EP1705863A1 (en) * 2005-03-25 2006-09-27 AT&T Corp. Method and apparatus for traffic control of dynamic denial of service attacks within a communications network
CN1988439A (en) * 2006-12-08 2007-06-27 亿阳安全技术有限公司 Device and method for realizing network safety

Also Published As

Publication number Publication date
CN101447996A (en) 2009-06-03

Legal Events

Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee: owner name HUAWEI DIGITAL TECHNOLOGY (CHENGDU) CO., LTD.; former name CHENGDU HUAWEI SYMANTEC TECHNOLOGIES CO., LTD.
CP01 Change in the name or title of a patent holder: patentee before CHENGDU HUAWEI SYMANTEC TECHNOLOGIES Co.,Ltd.; patentee after HUAWEI DIGITAL TECHNOLOGIES (CHENG DU) Co.,Ltd.; address before and after 611731 Chengdu high tech Zone, Sichuan, West Park, Qingshui River
TR01 Transfer of patent right (effective date of registration: 20220829): patentee before HUAWEI DIGITAL TECHNOLOGIES (CHENG DU) Co.,Ltd., 611731 Qingshui River District, Chengdu hi tech Zone, Sichuan, China; patentee after HUAWEI TECHNOLOGIES Co.,Ltd., 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen